
ArcSight Analytics Overview

ArcSight Analytics is the #16 ranked solution among the top User Behavior Analytics - UEBA tools. PeerSpot users give ArcSight Analytics an average rating of 6 out of 10. ArcSight Analytics is most commonly compared to Securonix UEBA: ArcSight Analytics vs Securonix UEBA. ArcSight Analytics is popular among the large enterprise segment, accounting for 52% of users researching this solution on PeerSpot. The top industry researching this solution is professionals from a university, accounting for 26% of all views.
Buyer's Guide

Download the User Behavior Analytics - UEBA Buyer's Guide including reviews and more. Updated: June 2022

What is ArcSight Analytics?

ArcSight User Behavior Analytics offers enterprises the ability to monitor and detect internal and external security threats and fraud.

ArcSight Analytics was previously known as ArcSight User Behavior Analytics, ArcSight UBA.


Archived ArcSight Analytics Reviews (more than two years old)

Madhusudhan R Talluri - PeerSpot reviewer
Principal Architect at Tech Mahindra
Real User
Has good behavioral analytics and anomaly detection features
Pros and Cons
  • "The features I have found most valuable are its capabilities for behavioral analytics and anomaly detection."
  • "ArcSight's features that can be improved include anything related to its visualization capabilities and user-friendliness."

What is most valuable?

The features I have found most valuable are its capabilities for behavioral analytics and anomaly detection.

What needs improvement?

ArcSight's features that can be improved include anything related to its visualization capabilities and user-friendliness. The product is complex. The algorithm is not so complex to implement, but when you want to get anything else out of it, it is complex, actually. ArcSight is difficult to implement, you need to know what you are doing. The algorithm is easy to implement but difficult to get exactly what you want. It depends on the nature of the organization and the skill of the people who are using the tool. If there are good, skilled people using it, ArcSight is the best. If there are medium-skilled people using it, then it is less good. ArcSight needs real skills to get the information out of it.

For how long have I used the solution?

I have been using ArcSight Analytics for two years.

What do I think about the stability of the solution?

The stability is very good, too. Relative to LogRhythm, I cannot comment much because I don't have rich experience working with LogRhythm except doing some POCs. So it would not be great on my part to comment. But my research showed that stability-wise both are the same; LogRhythm may be a little bit less stable. ArcSight is about a nine and LogRhythm about an eight.

What do I think about the scalability of the solution?

The scalability is very good.

How are customer service and support?

I have contacted support and would rate them about 7.5. That's because response time and resolution are good. They are fine.

How was the initial setup?

The initial setup is not complex, but it does require skill. If somebody says that they can set it up in the span of weeks, I don't believe that it will not work out. If they say they can implement within and go live in one week, to what extent? I don't want to just look at the console, we need to start giving actual values and giving actual alerts where I can start taking some actions and start showing some proper implementation in the security portion from using this tool.

What other advice do I have?

The advice I would give to people who want to use ArcSight is to have patience and use the complete innovations of the tool, don't go by the superficial features. Do a total analytics of the tool to understand what value it can provide. On a scale of one to ten I would rate ArcSight an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Ashok Kumar Lokhande - PeerSpot reviewer
Cyber Security Consultant at Omana Airport Management Company
Real User
Top 20
Good log monitoring, but the interface is not user-friendly and it needs better integration with third-party solutions
Pros and Cons
  • "The most valuable feature is the log monitoring."
  • "ArcSight is not a user-friendly solution and the interface needs to be improved."

What is our primary use case?

We use this solution for monitoring our network. It does authentication failure monitoring, VPN log monitoring, internal threat monitoring, and outside threat monitoring. It also looks for IOCs and malicious activity that is originating from internet connections.

What is most valuable?

The most valuable feature is the log monitoring.

What needs improvement?

ArcSight is not a user-friendly solution and the interface needs to be improved. It is a bit tough to use for people who are inexperienced.

ArcSight needs better support for integration with third-party applications. It should be able to handle logs from all kinds of different sources.

The API needs to be improved.

Which solution did I use previously and why did I switch?

I have used other log management solutions including Splunk and Elasticsearch. I also use QRadar as a more general SIEM.

What other advice do I have?

This is not a solution that I would recommend. Instead, I would recommend Splunk or QRadar. In the case of an organization with a small budget, I would recommend AlienVault or Elasticsearch.

I would rate this solution a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ahmed Naguib, CCIE Voice - PeerSpot reviewer
Cyber Security Manager at Malomatia
Real User
Excellent at correlating logs with very good stability and scalability, but the solution needs better reporting
Pros and Cons
  • "The ability to correlate different logs is the solution's most valuable feature."
  • "The reporting and the way it is worded needs to be improved in future releases. The dashboards are quite poorly designed."

What is our primary use case?

We are primarily using the solution for security alerts and correlation of security events and logs.

What is most valuable?

The ability to correlate different logs is the solution's most valuable feature.

What needs improvement?

The reporting and the way it is worded needs to be improved in future releases. The dashboards are quite poorly designed.

The ecosystem needs improvement. It's not only in the planning, though; it's also just the ecosystem overall. Nowadays, it's not about security, and not only about analytics, but about the complete ecosystem that can give you much more visibility on what's happening and what the logs that are being injected into the system mean. Increasing the ecosystem of ArcSight also means introducing more features and more tools that integrate within the solution.

For how long have I used the solution?

I've been using the solution for seven years.

What do I think about the stability of the solution?

The stability of the solution is perfect.

What do I think about the scalability of the solution?

The scalability of the solution is excellent. We have 25 analysts that use the solution and at this time we do not plan to increase usage.

How are customer service and technical support?

We're not completely satisfied with technical support. It's an area the solution could improve.

How was the initial setup?

The initial setup has a moderate amount of complexity. It's something in between complex and straightforward. The process is not something that any beginner can do; however, it also doesn't require a highly skilled developer. It does require people to know what they are doing.

What about the implementation team?

We handled the deployment ourselves.

What's my experience with pricing, setup cost, and licensing?

If you compare it to even a few years ago, pricing seems to have improved a lot. However, it's still one of the most expensive solutions available on the market.

What other advice do I have?

I would rate the solution seven out of ten.

The solution is much more suited to complex use cases. If it's a very simple use case, then ArcSight is not the right choice for you.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Senior Systems Engineer at a tech services company with 501-1,000 employees
Reseller
A mature and well-regarded cyber security solution for big data, network security, and analytics
Pros and Cons
  • "Allows multiple integrations with multiple systems in a stable and flexible fashion."
  • "The GUI interface is not always intuitive and easy for non-technical users to work with."

What is our primary use case?

Our primary use for this product is to cover DCI (Data Center Interconnect) requirements and design excerpts. It is used to connect all the links from different systems and environments. We also use it to do accommodations between the systems and environments and have multiple use cases between the systems.

How has it helped my organization?

Our organization has improved because ArcSight allows multiple integrations with multiple systems which we did not do before using the product. There can be multiple integrations with different parts of systems that process them. This can include files, XML, how the parts of the system receive connection, a specific API, other different products like anti-virus packages, or risk prediction.

We needed a predictive function that worked with other systems. It is supposed to be possible by using different agents. There is an agent called Smart Connector. Each connector has a specific role and function and launches with specific technologies.

What is most valuable?

All the features are valuable for us because we use all of them. It's like any other ESM (Enterprise Service Management) solution. You can use how you want to. It depends on the reports, on the correlation rule alerts, notifications, dashboards, all of the business rules. It is very important for most of the clients.

Most of the clients need to cover their BPI (Business Process Insight). They generate a lot of records to provide them for BPI department or risk department. That could be including their Instagram, or checking that the system's working fine, and information collected by the SIEM (Security Information and Event Management).

What needs improvement?

The product might be improved in comparison with other products. For example, they need to work on the flexibility of the GUI. It is sometimes considered complex by some of our customers. Also, ArcSight Analytics is not so easy. The end-users are not supposed to be required to learn the network. Another thing: it only supports through links and the analytic bar, not the network traffic parts. That's the major point that could be improved in the system.

Network and network paths could be supported better in integration with other network traffic catchers. It would be great then. 

For how long have I used the solution?

We have been using the product for five years.

What do I think about the stability of the solution?

I find the product to be very stable and we experience no problems with it.

What do I think about the scalability of the solution?

It is scalable based on the fact that licenses could be added-on. There is a part of the solution that requires an upgrade to ArcSight that could provide additional capabilities and many-stepped solutions that could be installed in an ISP provider. 

How are customer service and technical support?

On occasion, we have contacted customer support. We have bought a support contract just in case there is any failure or other issues that could happen on the system. Sometimes we need their support directly to efficiently solve an issue. Their support is very helpful, and they can help you and provide you good solutions.

Which solution did I use previously and why did I switch?

We sometimes use different solutions. We have RSA and ArcSight implementations. We use RSA to do networking and the use of ArcSight depends on the need of the customer. Sometimes there are customers who ask for RSA. Sometimes there are customers who have knowledge about ArcSight and they like what it provides and the features it has but they want to improve how they use it in their system. There is no need to have a new system to implement a new solution. 

How was the initial setup?

The initial installation has co-integration and settings, so it is mostly straightforward. But sometimes customers need specific co-integration and finer tuning saved on their system.

The base deployment for any system will take around two weeks. With integration and customization, it may be another two weeks to three weeks maximum.

What about the implementation team?

We provide support for our customers in ArcSight and RSA so we do our own installations and installations for clients.

What was our ROI?

The product is not really intended to generate income as it is a security solution.

Which other solutions did I evaluate?

We did not evaluate other solutions as through research we could tell the product was well accepted and had the solutions we needed.

What other advice do I have?

Advice that I would give to other people who are considering using this product is that they need to have a good working knowledge of the system. They might want to consider training. They need to be able to specify exactly what the scope of the project is for the net position and in their implementation and installation. If customers who have common needs, like a solution to cover PCI (Payment Card Industry) only, I sometimes advise them to not invest in this system, because it is not made to only cover your PCI requirements.

If I had to rate this product on a scale from one to ten it would be an eight. It would rate higher if there were better flexibility and the GUI was easier to read and use.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Analyst at Orange
Real User
Provides us with valuable user-connection details for our servers
Pros and Cons
  • "This solution allows us to identify connections for all users."
  • "The interactive dashboard is complicated and you need to have training in order to use it, so I think that it could be made easier to use."

What is our primary use case?

We use this solution for log management and correlation.

How has it helped my organization?

We have specific use cases for our platform and it helps us to monitor connections to applications and investigate.

What is most valuable?

This solution allows us to identify connections for all users. We can see the name, login time, IP address, and other information for each connection to each server. 

What needs improvement?

The interactive dashboard is more complicated compared to its competitor QRadar, and you need to have training in order to do complex configuration, so I think that it could be made easier to use. It's very powerful and stable, but not very user-friendly.

I would like to see the documentation improved because it is not accessible, flexible, or pertinent enough. It is not very rich.

For how long have I used the solution?

I have been using this solution for more than four years.

What do I think about the stability of the solution?

This is a very stable solution.

What do I think about the scalability of the solution?

Scaling this solution is easier if you have support.

I am currently the only user for this solution in the company.

How are customer service and technical support?

The local support for this solution needs improvement.

Which solution did I use previously and why did I switch?

We previously used LogLogic. We acquired it for investigation purposes so that we can learn more about who is connected to the server.

How was the initial setup?

The installation of this solution is easy.

What other advice do I have?

This solution has taught me a lot about log files, including what types of network information is contained in them.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Team Leader at a tech services company with 501-1,000 employees
Real User
Easily creates use cases and reports, but needs improvements to the GUI and dashboards
Pros and Cons
  • "This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard."
  • "I would like to see integration with automation products, such as Phantom Automation."

What is our primary use case?

We use this solution for the authentication of software.

What is most valuable?

This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard.

The parallel logic to create queries is very helpful. 

What needs improvement?

The GUI and dashboards are very basic and need to be improved.

The product does not have continuous updates.

I would like to see easy integration with the Intelligence Suite.

I would like to see integration with automation products, such as Phantom Automation.

For how long have I used the solution?

We have been using this solution for five years.

What do I think about the stability of the solution?

This is a very stable solution. It is the most stable ESM that I have worked with.

What do I think about the scalability of the solution?

Scalability of this solution is very good.

We have twenty analysts using this solution, and we do not plan on expanding our usage at this time.

How are customer service and technical support?

Technical support for this solution has been very helpful.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup of this solution is straightforward.

What about the implementation team?

We used a consultant to assist us with the deployment.

What other advice do I have?

This is a solution that I recommend.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Bechara Abou Rahal - PeerSpot reviewer
Software Engineer at BMB
Real User
Facilitates compliance and provides important visibility
Pros and Cons
  • "The two most valuable features of this solution are its stability and scalability."
  • "There is a GUI, but it is not complete and lacks functionality that needs to be performed using the console."

What is our primary use case?

We implement this solution for our clients.

It is primarily used for compliance, but also for analytics and SOC implementation.

All of the deployments that we have implemented are on-premises.

How has it helped my organization?

This product improves visibility, whereas prior to implementing this solution there is no visibility.

This solution facilitates compliance because it is able to generate reports to see which users or servers are not compliant with specific standards, such as PCI or ISA.

What is most valuable?

The two most valuable features of this solution are its stability and scalability.

What needs improvement?

The pricing of this solution should be improved.

The UX for the SOC analyst does not match that of the competitors, and therefore needs improvement. There is a GUI, but it is not complete and lacks functionality that needs to be performed using the console. The most important thing to work toward is having a user-oriented interface.

In the next release of this solution I would like to see user data analytics, and some machine learning capabilities.

For how long have I used the solution?

We have been using this solution for ten years.

What do I think about the stability of the solution?

This solution is extremely stable.

What do I think about the scalability of the solution?

This is an extremely scalable solution.

We have five analysts who operate this solution on average, and about five hundred people who it caters to.

How are customer service and technical support?

Technical support for this solution is good. Compared to other vendors, it is very good.

How was the initial setup?

The deployment is not that technical. It takes, on average, thirty days, depending on the environment. It is similar to any ESM.

What's my experience with pricing, setup cost, and licensing?

Pricing for this solution depends on the size of the environment. It can range between $30,000 and $40,000 USD, and can go up to $500,000 and $600,000 USD.

What other advice do I have?

The biggest lesson that I have learned from using this product is that the tool is not the most important component. The tool is important, but the intelligence that you put into it is even more so.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
SOC Engineer at a transportation company with 1,001-5,000 employees
Real User
Scalability is poor; we need the ability to capture larger amounts of data
Pros and Cons
  • "One of the most valuable features is the alerts."
  • "I would like to see orchestration."
  • "It's a difficult product to navigate, it's complex."

What is our primary use case?

Our primary use case for this solution is as a SIEM.

How has it helped my organization?

We're leveraging it to detect incidents and attacks. We have seen a measurable decrease, by about 20 percent, in the mean time to detect and respond to risks. It has also helped to increase staff productivity, saving 20 percent in terms of time.

What is most valuable?

One of the most valuable features is the alerts.

What needs improvement?

I would like to see orchestration.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

The scalability is poor. We need the ability to capture larger amounts of data.

How are customer service and technical support?

Technical support is average.

Which solution did I use previously and why did I switch?

This is the first solution of its kind that we deployed.

How was the initial setup?

The initial setup was complex. It's a difficult product to navigate, it's complex. And the service was poor, back when we started with the product.

What's my experience with pricing, setup cost, and licensing?

In addition to the costs of standard licensing fees, there is the cost of labor for maintenance.

What other advice do I have?

Understand your data first and then find a solution that handles the data you have.

I rate the solution at four out of ten because of the complexity and the lack of ability to capture large amounts of data.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder at a tech services company with 1-10 employees
Real User
Not easy to use and requires notable training, but integrates well with other products
Pros and Cons
  • "The data collection and the integration with different products are valuable features."
  • "[There is] complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training."

What is our primary use case?

We use it as a SIEM. We're using the enterprise edition.

How has it helped my organization?

We have seen a measurable decrease in the mean time to detect and respond to threats. It has also definitely added to what our customer had. We are integrating a lot of tools for one of our customers and it has really helped to improve their current security posture.

What is most valuable?

The data collection and the integration with different products are valuable features.

What needs improvement?

I would like to see some advanced analytics.

What do I think about the scalability of the solution?

The solution is scalable but it is not easy to use.

How are customer service and technical support?

Technical support is average.

Which solution did I use previously and why did I switch?

We did not switch. This is the first time we have done such an installation.

How was the initial setup?

The initial setup was complex.

What's my experience with pricing, setup cost, and licensing?

The monthly licensing fee is around $20,000. There aren't any costs in addition to the standard licensing fee.

Which other solutions did I evaluate?

We looked at Splunk and HelpSystems. There were a few more vendors but I don't recollect all their names. Because of the number of integrations that ArcSight has, it was more applicable to our use case.

What other advice do I have?

You can use this solution for limited use cases. But for more advanced use cases, there are other solutions which are better than ArcSight.

I would rate this solution at five out of ten because of the complexity in maintaining it and managing it. It's not easy to use. It requires a lot of training. It needs better technical support and help with onboarding.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Syed Ubaid Ali Jafri - PeerSpot reviewer
Manager Security Operation Center at Engro Corporation
Real User
It has improved our system and network policy monitoring
Pros and Cons
  • "Less resource consumption in terms of memory and processing."
  • "ArcSight Analytics has improved our system and network policy monitoring."
  • "I faced stability issues with Windows Operating System. The installed connectors hang if they remain idle for a long period of time."
  • "Inactive connections from servers, which are upgraded or downgraded within a VM, should be automatically revoked."

What is our primary use case?

I have used ArcSight Analytics to assess environments with more than 100 network devices and 12 different firewalls.

I have used it to evaluate 120 servers, which include Sybase, AIX, SAP, Windows, and other Linux-based servers.

It has been used with Db2 and Oracle databases.

How has it helped my organization?

ArcSight Analytics has improved our system and network policy monitoring. It comes with an option to generate and escalate a ticket. We can forward the ticket to the relevant person indicating ticket severity and incident type. A hierarchical structure can be defined to determine the right person.

Threat Level Formula is an important feature in this product. It helps users to add a critical device. In addition, the rate for log filtration is quick. The filtration options are useful and authentic compared to other products.

What is most valuable?

I have found the following features extremely useful:

  • Automatic log parsing and sorting.
  • Individual command monitoring across the network by the SAP database admin.
  • Less resource consumption in terms of memory and processing.
  • Well organized licensing of the product.

What needs improvement?

They should improve on the following:

  • Timely resolution of issues and proper support once a ticket has been generated.
  • Systems appearing on the network which are not part of the domain controller. These should be monitored.
  • Inactive connections from servers, which are upgraded or downgraded within a VM, should be automatically revoked.
  • Logger monitoring should be separated from ESM monitoring.
  • Ability to integrate with cloud-based applications and monitor cloud-based events.
  • Ability to log and notify tailored rules via SMS/email.
  • Provide more ArcSight training and workshops.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I faced stability issues with Windows Operating System. The installed connectors hang if they remain idle for a long period of time.

What do I think about the scalability of the solution?

I have experienced no issues with the product's scalability.

How are customer service and technical support?

Customer service has not been up to the mark. They take longer than they should to resolve issues.

Which solution did I use previously and why did I switch?

I implemented different open source solutions before switching to ArcSight Analytics. Open source solutions were not able to meet the requirements in terms of event correlation, log parsing, normalization, integration, and alerts.

How was the initial setup?

The initial setup was pretty straightforward.

What about the implementation team?

It was implemented using a vendor team. Their level of expertise was minimal.

What was our ROI?

  • Surveillance of critical systems has more control.
  • Investigating an incident has become super easy and helpful.
  • Resource use without authorization is now restricted.

What's my experience with pricing, setup cost, and licensing?

ArcSight Analytics is a bit expensive compared with other tools in terms of licensing costs, training, hardware implementation, and support.

Which other solutions did I evaluate?

I assessed SAP, Sybase, Db2, AIX, and MDM before switching to ArcSight Analytics.

What other advice do I have?

They should conduct more training, seminars, demonstrations, and workshops to reach more IT professionals.

Disclosure: I am a real user, and this review is based on my own experience and opinions.